Cyber Laws of India Over Time

PCQ Bureau



In India we do not have any law by the name of “Cyber Law”. In May 2000, following the UN Resolution, India passed the Information Technology Act 2000 and notified it as effective on October 17, 2000. This is generally called the Cyber Law of India. It is an Act to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as "electronic commerce", which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with Government agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto.

When the Act became effective in India, the Indian police machinery wasn't ready for it. I remember a police officer of ACP rank asking his juniors to confiscate digital evidence from the place of a cyber crime, and the havaldars returned with 12 colour VGA monitors. When asked where the CPUs and the hard disk were, they counter-argued that the accused wouldn't be able to do anything with his CPUs without the monitors.

In another such case, the junior police officers had punched holes in 5.4 inch floppies of yesteryears and systematically filed them in the charge sheet with other evidence to be produced before the courts. Hard disks were copied manually, and CDs were collected and bound together after holes were punched through them. Electronic evidence was a new topic even for the courts, so lower court judges found escape routes in giving long dates to matters that involved IT Act sections and required appreciation of electronic evidence. Higher courts would often refer to American court judgments when deciding cases. Whether an SMS could be taken as evidence was often debated.

A weakness of the Act was that it did not clearly define a majority of cyber crimes apart from hacking. The Act remained silent on data privacy issues and the responsibilities of Internet Service Providers, nor did it talk about best security practices to be followed by corporates. The Act of 2000 did, however, have a draconian section making major sections non-bailable and cognizable, i.e. the police had unconstitutional powers in matters related to arrest. The compensation which could be claimed by the affected party was only up to Rupees one Crore.

Currently, the IT Act, 2000 stands amended by the Information Technology (Amendment) Act, 2008. This law provides the legal infrastructure for Information Technology in India. The said Act, along with its 90 sections, is to be read with 23 rules called the IT Rules, 2011.

Different types of cyber crimes have been described as offences under Chapter IX: crimes like hacking, phishing, data theft, identity theft, Denial of Service, spreading of viruses, source code theft, sending lewd SMS/MMS/email, pornography, child pornography and disclosure of information by organisations. Such crimes attract imprisonment for a period of 3 to 10 years with a penalty between Rupees 1-5 Lakhs. The victim can also claim compensation of up to Rs. 5 Cr from the adjudicating officer (normally the IT Secretary of the state), and compensation above Rs. 5 Cr from the civil court of relevant jurisdiction. For crimes with less than three years of punishment, arbitration or out-of-court settlement is also provisioned.

This Act has flavors of the various data protection and Internet laws which other developed countries have. Section 43A of the said Act deals with sensitive personal data contained in a computer system. The Act requires compliance from organizations which possess, deal with or handle sensitive personal data; organizations that fail to comply shall be made liable to pay a penalty.

The IT Act, 2000 also provides for the constitution of the Cyber Regulations Advisory Committee, which shall advise the government as regards any rules or for any other purpose connected with the said Act. The said Act also has five Schedules, the last one being the glossary and the others amending the Indian Penal Code, 1860, the Indian Evidence Act, 1872, the Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 to bring them in tune with the provisions of the said Act.

Email is now a valid and legal form of communication, which can be duly produced and approved in a court of law. Executives in offices need to be more careful while writing emails, whether outside the company or within, as these, whatever their language, could be proved in a court of law.

With the legal infrastructure of electronic signatures to regulate commercial transactions online in place, this Act also covers e-commerce and e-contracts. Certifying Authorities for issuing Digital Signature Certificates are now a reality. The C2G e-commerce model is implemented, i.e. tax payers now pay tax online and they are authenticated by their digital signatures. A signature authenticates writing by identifying the signer with the signed document. When the signer makes a mark in a distinctive manner, the writing becomes attributable to the signer.

Every electronic record is under the scope of the IT Act, 2000, but the following electronic transactions are not under the ambit of the IT Act, 2000:

a. The IT Act, 2000 is not applicable to the attestation for creating a trust via digital signatures; physical attestation is a must.

b. The IT Act, 2000 does not apply to the attestation of a will or a codicil; physical attestation by two witnesses is a must.

c. A contract of sale for any immovable property.

d. Attestation for giving power of attorney of property via digital signature.

In the current scenario, data has become the largest corporate asset. It is also now the most important asset for India Inc. Corporates invest huge amounts in storing, securing and protecting data. Under the IT Act, 2000, it is now possible for corporates to claim remedy against any perpetrator. If a cyber criminal breaks into their computer systems or network and causes damage or commits data theft, the corporate can claim monetary damages.

As per the Rules, 2011, banks, insurance companies, telecom companies, hotels, hospitals and universities, except organisations providing services relating to collection, storage, dealing or handling of sensitive personal data or information under contractual obligation with any legal entity located within or outside India, shall now publish the rules and regulations, privacy policy and user agreement for access or usage of the organisation's computer resource by any person.

Note: The content of this article is intended to provide a general guide to the subject matter. If you have specific questions for the author relating to this article, then send us an email request at pcquest@cybermedia.co.in.
